yoavweiss
commented
7 years ago Makes sense to me to drop entries to the floor if "timing allow check" doesn't pass
Closed cvazac closed 7 years ago
yoavweiss
commented
7 years ago Makes sense to me to drop entries to the floor if "timing allow check" doesn't pass
igrigorik
commented
7 years ago Yep, that makes sense. 👍
igrigorik
commented
7 years ago Resolved via #36.
(see: https://w3c.github.io/server-timing/#cross-origin-resources)
For non same-origin resources, we zero-out the
durationanddescriptionfields. I don't think that's enough.durationanddescriptionare both optional - the mere presence of a server-timing metric with a particular name (eg.Server-Timing: cache-hit) is enough to communicate boolean information. I propose that we completely ignore all server timing headers for resources that do not pass the "timing allow check" algorithm.cc @igrigorik @yoavweiss